MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d83e3f5b248bc0b1676bb081cd50e8df0dd600f4b9253465aa6ed63f263cfd19. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZeuS


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d83e3f5b248bc0b1676bb081cd50e8df0dd600f4b9253465aa6ed63f263cfd19
SHA3-384 hash: 100e55aee431b9fa3e73199fd78672ce4a035ffcbb634dd35945ca38d974cdafc0b3bc4b62a350909f88790743760fc8
SHA1 hash: 8750c27c58467b1c05e9912ce80ecce524ff3c38
MD5 hash: 2a4f55e3cee56751331314b2357bac87
humanhash: helium-nebraska-twelve-stairway
File name:d83e3f5b248bc0b1676bb081cd50e8df0dd600f4b9253465aa6ed63f263cfd19
Download: download sample
Signature ZeuS
Create hunting rule
File size:307'525 bytes
First seen:2020-06-29 07:28:34 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b40f29cd171eb54c01b1dd2683c9c26b (45 x GuLoader, 16 x RemcosRAT, 15 x VIPKeylogger)
ssdeep 6144:0Fay4JR4GMcIvfflZhpRj9OmVfuiUws9HPyH1q:M4M9fPlZhXJFVfPUnsq
Threatray 133 similar samples on MalwareBazaar
TLSH 1A6413A415FE8453E78BDEB11AAE2B31D3F5B228651D8786BB141FBA2C515C3F2143C2
Reporter JAMESWT_WT
Tags:ZeuS

Intelligence

File Origin
# of uploads :
1
# of downloads :
131
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/15653/
Detection(s):
PUA.Win.Downloader.Soft32downloader-6691270-0
Create hunting rule

Detection:
citadel
Create hunting rule
Link:
https://mwdb.cert.pl/sample/d83e3f5b248bc0b1676bb081cd50e8df0dd600f4b9253465aa6ed63f263cfd19/
Threat name:
Win32.Trojan.Zeus
Create hunting rule
Status:
Malicious
First seen:
2013-09-05 03:26:00 UTC
File Type:
PE (Exe)
Extracted files:
3
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3a7d6wzerpalcz3lwca42uhi34g5mahuxestiznkn3ld6jr47umq._file
Verdict:
malicious
Similar samples:
118185aed4dd97bbf3fe28bebb075a67ca7dbf75dee24efa999e170ee13d0396
ZeuS
1ec347934db2ded3a012479882732bfb3cdc85b0d4b2911e3402c1fa693a2235
ZeuS
371b9214f60a70c81ec1756d284e8028ff7603498341ecb7fa5cc09f3b10043e
ZeuS
4544ada7458cad0c5a467b9bff1ac1a25f959e35c41a04298738195f93d7899a
ZeuS
51bc210eb085de493839d64fb12c5dddfeb856a8f590587222e42dd6f6118bc1
ZeuS
ae0d3dbeab58e9b9b68ab6087eb5b30ace6f8892af4a85034f77ae3592271e42
ZeuS
b7f6102de87c99e03f47ea0b642f265cdf584316ac3e02733d42c3b17603a22c
ZeuS
cf813a86d30ddd0c2ca59f73334fffd241bfd31eddfe30dc2e73d5b29ae752d1
ZeuS
fcce249643f7fe240695fdbc393b54a543fa4a49942b56ad8aad6f219c4f896d
ZeuS
ff92eb5433354ad51ba6c586ed91e8b69f32271b0d523352c87f8ae4d075151b
ZeuS
+ 123 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/200629-q4qpnvmt12/
Behaviour
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
NSIS installer
Suspicious use of SetThreadContext
Adds Run entry to start application
Loads dropped DLL
Deletes itself
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/15653/

Comments